univnautes-tools / patches / stable / 10 / scrub_FIN+SYN_drop.diff @ a4e82bdf
1 |
diff --git a/sys/netpfil/pf/pf_norm.c b/sys/netpfil/pf/pf_norm.c
|
---|---|
2 |
index e1e9d5d..c561728 100644
|
3 |
--- a/sys/netpfil/pf/pf_norm.c
|
4 |
+++ b/sys/netpfil/pf/pf_norm.c
|
5 |
@@ -1349,7 +1349,7 @@ pf_normalize_tcp(int dir, struct pfi_kif *kif, struct mbuf *m, int ipoff,
|
6 |
goto tcp_drop; |
7 |
|
8 |
if (flags & TH_FIN) |
9 |
- flags &= ~TH_FIN;
|
10 |
+ goto tcp_drop;
|
11 |
} else { |
12 |
/* Illegal packet */ |
13 |
if (!(flags & (TH_ACK|TH_RST))) |